Unimus RouterOS backup -> /user

General discussion of anything Unimus
Post Reply
Brambb15
Posts: 7
Joined: Mon Apr 30, 2018 7:33 pm

Mon Apr 12, 2021 9:30 am

Hi,

Is it known that (the default) /export does not contain /user information?

Is there a workaround to get this configuration included in Unimus? or maybe add a option when RouterOS is detected is also does a '/user export'
User avatar
Tomas
Posts: 1206
Joined: Sat Jun 25, 2016 12:33 pm

Mon Apr 12, 2021 10:21 am

"/user" and "/certificate" are indeed not exported by RouterOS.

RouterOS does this is for security reasons, since exporting users would not export their password anyway. Same for certificates.

Having "/user export" as a part of our RouterOS backup procedure is indeed possible - the question is if it should be done - since if you were to re-import it, users would be created with empty password, which is not a good thing for security...
Brambb15
Posts: 7
Joined: Mon Apr 30, 2018 7:33 pm

Wed Apr 14, 2021 7:59 am

Hi Tomas,

That is true. But could there be a separate option to have this export enabled just for MT devices? Maybe a separate export/config?

The -part of- background story is that one of our routers still had the default admin enabled without a password. We never noticed this and wanted to check in Unimus if someone changed this by accident or we just forget to disable the user.
In the end it ~seems~ to be a CHR bug when there is disk problem being in read-only mode. We still have to investigate that.
That made us look in Unimus to see when this happened, not no configuration was altered.

So maybe with a extra option we can at least see the user-configuration in Unimus for RouterOS so you can see that a user is enabled or not and which group they belong to!. We don't need it for password backup or such but just to see which users there are enabled.
(we also plan to monitor this now with our monitoring system so we don't NEED unimus for this solution but it might be a small investment for you to have this option there..)
Brambb15
Posts: 7
Joined: Mon Apr 30, 2018 7:33 pm

Tue May 25, 2021 9:01 am

*bump*
But is it a nice feature request to be able to add (with notes that is should not be used as configuration back-up) - Or would it be better off in another (monitoring)solution?

In our case unimus would have told us that 'user=admin enabled=no' was changed to 'user=admin'.
I agree that our problem needs another solution but Unimus could have shown us a configuration change as well which would have helped.
Post Reply